Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Martin Uecker via Gcc
On Tuesday, 02.04.2024 at 13:28 -0700, Ian Lance Taylor via Gcc wrote: > > On Tue, Apr 2, 2024 at 1:21 PM Paul Koning via Gcc wrote: > > > > > > > > Would it help to require (rather than just recommend) "don't use root > > > > except for the actual 'install' step" ? > > > > Seems reasonab

Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Jeffrey Walton via Gcc
On Tue, Apr 2, 2024 at 7:35 PM Paul Koning via Gdb wrote: > [...] > > I agree that GDB, and for that matter other projects with significant numbers > of contributors, are not nearly as likely to be vulnerable to this sort of > attack. But I worry that xz may not be the only project that's small

Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Paul Koning via Gcc
> On Apr 2, 2024, at 6:08 PM, Guinevere Larsen wrote: > > On 4/2/24 16:54, Sandra Loosemore wrote: >> On 4/1/24 09:06, Mark Wielaard wrote: >>> A big thanks to everybody working this long Easter weekend who helped >>> analyze the xz-backdoor and making sure the impact on Sourceware and >>> the

Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Jeffrey Walton via Gcc
On Tue, Apr 2, 2024 at 6:09 PM Guinevere Larsen via Gdb wrote: > [...] > What likely happened for the maintainer who acted in bad faith was that > they entered the project with bad faith intent from the start - seeing > as they were only involved with the project for 2 years, and there was > much

Re: AutoFDO tools for GCC

2024-04-02 Thread Snehasish Kumar via Gcc
Thanks for initiating this discussion Eugene. For a little bit more context on the motivation -- Meta has developed a new type of AutoFDO which is committed upstream in LLVM and we want to unify our tooling with this approach. > I do wonder how much common code there is > between the LLVM and the

Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Guinevere Larsen via Gcc
On 4/2/24 16:54, Sandra Loosemore wrote: On 4/1/24 09:06, Mark Wielaard wrote: A big thanks to everybody working this long Easter weekend who helped analyze the xz-backdoor and making sure the impact on Sourceware and the hosted projects was minimal. This email isn't about the xz-backdoor itsel

Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Ian Lance Taylor via Gcc
On Tue, Apr 2, 2024 at 1:21 PM Paul Koning via Gcc wrote: > > Would it help to require (rather than just recommend) "don't use root except > for the actual 'install' step" ? Seems reasonable, but note that it wouldn't make any difference to this attack. The liblzma library was modified to corru

Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Paul Koning via Gcc
> On Apr 2, 2024, at 4:03 PM, Paul Eggert wrote: > > On 4/2/24 12:54, Sandra Loosemore wrote: >> Do we to harden our process, too, to require all patches to be signed off by >> someone else before committing? > > It's easy for an attacker to arrange to have "someone else" in cahoots. > > Al

Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Paul Eggert
On 4/2/24 12:54, Sandra Loosemore wrote: Do we to harden our process, too, to require all patches to be signed off by someone else before committing? It's easy for an attacker to arrange to have "someone else" in cahoots. Although signoffs can indeed help catch inadvertent mistakes, they're r

Re: Sourceware mitigating and preventing the next xz-backdoor

2024-04-02 Thread Sandra Loosemore
On 4/1/24 09:06, Mark Wielaard wrote: A big thanks to everybody working this long Easter weekend who helped analyze the xz-backdoor and making sure the impact on Sourceware and the hosted projects was minimal. This email isn't about the xz-backdoor itself. Do see Sam James FAQ https://gist.githu

Re: [GSoC] Interest in applying

2024-04-02 Thread Martin Jambor
Hello, On Sun, Mar 31 2024, tmpod via Gcc wrote: > Hello, > > I am a Computer Science student, currently taking a Master's degree in > > > Portugal's top university. I have a

Re: GSoC Timeline Review

2024-04-02 Thread Martin Jambor
Hello, On Sat, Mar 30 2024, Nada Elsayed via Gcc wrote: > I think that I didn't fully understand the project, so I read more and > updated the Timeline Suggestion. Sorry that we were not able to respond sooner, Easter got in the way in an unfortunate way. I do not know much about Cython

Re: GSoC Timeline Review

2024-04-02 Thread David Malcolm via Gcc
On Tue, 2024-04-02 at 10:06 -0400, David Malcolm wrote: > What timezone are you in?  (I'm in EDT, UTC+4) Sorry, that should be UTC-4 (on the east coast of the US) Dave

Re: GSoC Timeline Review

2024-04-02 Thread David Malcolm via Gcc
On Sat, 2024-03-30 at 13:54 +0200, Nada Elsayed wrote: > I think that I didn't fully understand the project, so I read more > and > updated the Timeline Suggestion. Hi Nada I'm very sorry for not responding sooner; I've been dealing with a difficult issue that's arisen outside of my computer wo

Re: [GSoC] Application RFC + Question - GENERIC dump

2024-04-02 Thread Richard Biener via Gcc
On Tue, Apr 2, 2024 at 11:14 AM Thor Preimesberger via Gcc wrote: > > Forgot to CC the mailing list - mea culpa. > > -- Forwarded message - > From: Thor Preimesberger > Date: Tue, Apr 2, 2024 at 5:57 PM > Subject: Re: [GSoC] Application RFC + Question - GENERIC dump > To: Richard

Fwd: [GSoC] Application RFC + Question - GENERIC dump

2024-04-02 Thread Thor Preimesberger via Gcc
Forgot to CC the mailing list - mea culpa. -- Forwarded message - From: Thor Preimesberger Date: Tue, Apr 2, 2024 at 5:57 PM Subject: Re: [GSoC] Application RFC + Question - GENERIC dump To: Richard Biener Thanks for the quick feedback, especially on such short notice - I'll ge

Re: [GSoC] Application RFC + Question - GENERIC dump

2024-04-02 Thread Richard Biener via Gcc
On Mon, Apr 1, 2024 at 6:23 PM Thor Preimesberger via Gcc wrote: > > Hey all, > > I'm joining the group of people submitting their GSoC applications > over the holiday. I'm interested in the "Implement structured dumping > of GENERIC" project idea, and the application I've written is below. T